Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.6.0
-
Reviewed
Description
Binding aclManager to RMWebApp would cause problem if RM is switched. There could be some validation check may fail.
I think , we should not bind aclManager for RMWebApp, instead we should get from RM instance.
In RMWebApp,
if (rm != null) { bind(ResourceManager.class).toInstance(rm); bind(RMContext.class).toInstance(rm.getRMContext()); bind(ApplicationACLsManager.class).toInstance( rm.getApplicationACLsManager()); bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager()); }
and in AppBlock#render below check may fail(Need to test and confirm)
if (callerUGI != null && !(this.aclsManager.checkAccess(callerUGI, ApplicationAccessType.VIEW_APP, app.getUser(), appID) || this.queueACLsManager.checkAccess(callerUGI, QueueACL.ADMINISTER_QUEUE, app.getQueue()))) { puts("You (User " + remoteUser + ") are not authorized to view application " + appID); return; }